Spectre-NG

Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches.

Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors.

Spectre and Meltdown flaw allow an attacker to steal the data that currently processed on the computer it includes the process of personal photos, Emails, Password manager, instant messages and sensitive documents.

Recent discovered “Spectre Next Generation or Spectre-NG”  vulnerabilities have their own names and this flaw have been affected some of the ARM CPUs as well.

Group of security researchers has been reported all these vulnerabilities to Intel and Intel is already working on its own patches for Spectre-NG.

Also, Intel Planned to work with other operating system manufacturers and planning to release the patch in two waves. first one will be May 2018 and the second one will be August 2018.

Google Zero-day elite hackers have been reported one of the 8 vulnerabilities and they have 90-day deadline policy to fix the vulnerability so it was unclear about going public when the deadline ends.

According to Intel, 4 Vulnerabilities are classified as the severity of “high risk” and other 4 vulnerabilities are “Medium risk” in this Out of 8 Spectre-NG Vulnerabilities.

These high-risk vulnerabilities attack scenario similar to the Spectre vulnerability and one of the 8 vulnerability has estimated the potential risk is higher than old Spectre vulnerability.

According to Researchers, Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Also, Spectre-NG vulnerability exploitation is quite easier for the attackers across system boundaries.

Researchers warned that this Spectre-NG flaw danger for private individuals and corporate PCs and they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.

A Spectre-NG vulnerability has been clearly double and triple check the consequences of the flaw and researchers denied to publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public.

In this case, Microsoft already started working for patches and PC manufacturers are taking too long to provide BIOS updates. Microsoft already announced up to $250,000 in a bug bounty program for Spectre flaws .